# AI Risk Assessment (AI Tax Assistant Platform demo)

Generated: 2026-06-29 · Policy version: 1.0.0

> Demo report. Framework references illustrate governance alignment.

## 1. Summary (live, across all workspaces)

- Model calls observed: 8
- Eval gate: 50% (gate ≥ 80%, BELOW GATE)
- Calls over cost ceiling ($0.05): 0
- Provider fallbacks: 0
- Total observed cost: $0.0543

## 2. Governance policy (governance-as-code)

- **PII escalation** (g-pii): detect, redact in logs, and audit. Taxpayer PII is normal in officer casework and is handled by the officer; PII is never used to route models or to auto-escalate. Triggers: nric, uen, personal financial details.
- **Eval gate** (g-eval): block promotion of a prompt version whose pass-rate is below the threshold (eval pass-rate ≥ 80%).
- **Cost ceiling** (g-cost): flag any single model call above the ceiling in the audit log (> $0.05/call).
- **Grounding** (g-ground): answer with general information + citations only; never reproduce source content; always show the demo disclaimer.

### Deterministic routing rules

- `r-pii`: pii-sensitive → claude-haiku-4-5-20251001 (keywords: nric, uen, fin number, passport number)
- `r-draft`: drafting → claude-sonnet-4-6 (keywords: draft, write a reply, compose, reply to the taxpayer)
- `r-complex`: complex-reasoning → claude-opus-4-8 (keywords: compare, versus, " vs ", trade-off, scenario, implications, restructure, optimise, optimize)
- `r-calc`: calculation → gpt-4.1 (keywords: calculate, estimate, compute, how much, work out, chargeable income)
- `r-grounded`: grounded-citation → claude-sonnet-4-6 (keywords: cite, citing, according to, which document, source)
- `r-factual`: factual-lookup → gpt-4o-mini (keywords: what is, what are, rate, threshold, deadline, cap, when is, how many days, due date)
- fallback: gpt-4o-mini (general casework)

## 3. Risk register

| Risk | Severity | Control (enforced) | Status |
|---|---|---|---|
| Disclosure of personal or financial data (PII) in prompts or replies | high | PII detected, redacted in logs, and audited; handled by the officer, never used to route models or auto-escalate | mitigated |
| Incorrect or fabricated tax guidance | high | Eval gate (keyword + LLM-judge) blocks low-scoring prompts; answers cite sources; disclaimer shown | monitored |
| User over-relies on AI for personalised tax advice | medium | Answers framed as guidance for the officer's judgement, not a final assessment; the officer reviews every draft | mitigated |
| Runaway model cost | medium | Per-call cost ceiling + full per-call cost logging in the gateway | monitored |
| A prompt or model change degrades quality unnoticed | medium | Versioned prompts behind an activation pointer + pass-rate trend across eval runs | monitored |
| Reproducing copyrighted source content | medium | Grounding rule: facts + citations only, never reproduce source content | mitigated |

## 4. Alignment with Singapore's AI governance frameworks

Mapped to the IMDA/PDPC Model AI Governance Framework (incl. the 2024 Model AI Governance Framework for Generative AI) and AI Verify.

| Control | Model AI Governance Framework | AI Verify |
|---|---|---|
| PII detection, redaction, and audit; officer reviews every draft | Human-in-the-loop / human oversight; Safety; Data governance | Human agency & oversight; Safety; Data governance |
| Eval gate (keyword + LLM-judge) + pass-rate trend | Testing & assurance (GenAI framework) | Repeatability & reproducibility; Robustness |
| Gateway logging: latency, tokens, cost, provider fallback | Operations management; Incident reporting (GenAI) | Accountability; Transparency |
| Versioned, diffable prompts behind an activation pointer | Traceability & accountability | Transparency; Explainability |
| Deterministic, declarative routing (policy-as-code) | Internal governance & accountability | Accountability; Transparency |
| Grounded answers: facts + citations + disclaimer | Data; Content provenance & transparency (GenAI) | Data governance; Explainability |
